CVE-2023-2101

Name of the Vulnerable Software and Affected Versions moxi624 Mogu Blog v2 up to 5.2

Description A problematic issue has been found in the software, affecting the function uploadPictureByUrl of the file /mogu-picture/file/uploadPicsByUrl. The manipulation of the argument urlList leads to absolute path traversal. The attack may be initiated remotely.

Recommendations For moxi624 Mogu Blog v2 up to 5.2, consider disabling the uploadPictureByUrl function until a patch is available to prevent absolute path traversal attacks. Restrict access to the /mogu-picture/file/uploadPicsByUrl endpoint to minimize the risk of exploitation. Avoid using the urlList argument in the affected endpoint until the issue is resolved.